@jpmens I've read the man pages and write-ups like these before. Users (and many sysadmins) can just barely handle SSH keys as is.

I am having a hard time imagining a robust process around granting users access to remote systems and network devices with this.

Generating a user's private key on their behalf would be a huge legal liability under legislation like NIS2.

Have you done any successful deployments of CAs?